[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

4.3.2 Extended File Attributes

Extended file attributes are name-value pairs that can be associated with each node in a file system. Despite the fact that POSIX.1e draft which proposed them has been withdrawn, the extended file attributes are supported by many file systems. GNU tar can store extended file attributes along with the files. This feature is controlled by the following command line arguments:

`--xattrs'

Enable extended attributes support. When used with `--create', this option instructs GNU tar created archive. This implies POSIX.1-2001 archive format (`--format=pax').

When used with `--extract', this option tells tar, for each file extracted, to read stored attributes from the archive and to apply them to the file.

`--no-xattrs'

Disable extended attributes support. This is the default.

Attribute names are strings prefixed by a namespace name and a dot. Currently, four namespaces exist: `user', `trusted', `security' and `system'. By default, when `--xattr' is used, all names are stored in the archive (or extracted, if using `--extract'). This can be controlled using the following options:

`--xattrs-exclude=pattern'

Specify exclude pattern for extended attributes.

`--xattrs-include=pattern'

Specify include pattern for extended attributes.

Here, the pattern is POSIX regular expression. For example, the following command:

 
$ tar --xattrs --xattrs-exclude='^user\.' -c a.tar .

will include in the archive `a.tar' all attributes, except those from the `user' namespace.

Any number of these options can be given, thereby creating lists of include and exclude patterns.

When both options are used, first `--xattrs-inlcude' is applied to select the set of attribute names to keep, and then `--xattrs-exclude' is applied to the resulting set. In other words, only those attributes will be stored, whose names match one of the regexps in `--xattrs-inlcude' and don't match any of the regexps from `--xattrs-exclude'.

When listing the archive, if both `--xattrs' and `--verbose' options are given, files that have extended attributes are marked with an asterisk following their permission mask. For example:

 
-rw-r--r--* smith/users      110 2016-03-16 16:07 file

When two or more `--verbose' options are given, a detailed listing of extended attributes is printed after each file entry. Each attribute is listed on a separate line, which begins with two spaces and the letter `x' indicating extended attribute. It is followed by a colon, length of the attribute and its name, e.g.:

 
-rw-r--r--* smith/users      110 2016-03-16 16:07 file
  x:  7 user.mime_type
  x: 32 trusted.md5sum

File access control lists (ACL) are another actively used feature proposed by the POSIX.1e standard. Each ACL consists of a set of ACL entries, each of which describes the access permissions on the file for an individual user or a group of users as a combination of read, write and search/execute permissions.

Whether or not to use ACLs is controlled by the following two options:

`--acls'

Enable POSIX ACLs support. When used with `--create', this option instructs GNU tar to store ACLs in the created archive. This implies POSIX.1-2001 archive format (`--format=pax').

When used with `--extract', this option tells tar, to restore ACLs for each file extracted (provided they are present in the archive).

`--no-acls'

Disable POSIX ACLs support. This is the default.

When listing the archive, if both `--acls' and `--verbose' options are given, files that have ACLs are marked with a plus sing following their permission mask. For example:

 
-rw-r--r--+ smith/users      110 2016-03-16 16:07 file

When two or more `--verbose' options are given, a detailed listing of ACL is printed after each file entry:

 
-rw-r--r--+ smith/users      110 2016-03-16 16:07 file
  a: user::rw-,user:gray:-w-,group::r--,mask::rw-,other::r--
 

Security-Enhanced Linux (SELinux for short) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including so-called mandatory access controls (MAC). Support for SELinux attributes is controlled by the following command line options:

`--selinux'

Enable the SELinux context support.

`--no-selinux'

Disable SELinux context support.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

This document was generated on May, 16 2016 using texi2html 1.76.